Legal
Privacy Policy
What Gridforged stores, why we need it, and how to get rid of it.
Gridforged ("Gridforged", "we", "us") operates the website at playgridforged.com, the Gridforged game client, and related online services. This policy explains what personal data we collect, why we collect it, how long we keep it, and how you can ask us to access or delete it.
1. What we collect
We collect the data needed to operate accounts, matchmaking, online play, player safety, and service health:
- Account and sign-in data. Your Gridforged account ID, linked provider IDs from Google, Apple, or Steam, and provider profile details you authorize, such as email address, display name, and avatar URL. We use provider sign-in as proof that an account belongs to you; we do not store provider passwords.
- Gridforged profile data. Your username, linked sign-in methods, account status, tutorial progress, selected settings, unlocked content, achievements, and similar account state.
- Gameplay data. Matchmaking state, party/friend/invite state, reconnect state, match history, games played, board snapshots used for nemesis ghost fights, leaderboard eligibility, and leaderboard fields such as username, rank, forged board wins, forged win rate, normal wins, normal win rate, account level, and earned hammescaler when you are listed.
- Notifications data. If push notifications are available and you enable them, we store device push tokens and platform labels so we can send game notifications and remove stale tokens.
- Diagnostics and logs. Crash reports, non-fatal error reports, stack traces, build/platform details, device or installation identifiers used by Firebase/Crashlytics/App Check, IP address, user agent, request timestamps, and security event logs.
- Support data. Information you include when you email us or otherwise request help, such as your username, provider email, device details, screenshots, or a description of the issue.
We do not request, store, or transmit your provider
password, contact list, calendar, drive contents, messages, or any
other scope beyond the sign-in scopes needed to authenticate you,
such as openid, email, and
profile where supported by the provider. We do not
collect precise location, contacts, camera, microphone, photos,
payment card data, or advertising identifiers.
2. How we use Google user data
Gridforged's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google account data only to authenticate you, create or open your Gridforged profile, and link multiple providers to a single profile when you ask us to.
- We do not sell Google user data and we do not use it to serve ads.
- We do not transfer Google user data to third parties except as needed to provide or improve the sign-in feature, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
- We do not allow humans to read Google user data, except: (a) with your explicit consent, (b) for security purposes (e.g., investigating abuse), (c) to comply with applicable law, or (d) where the data is aggregated and used for internal operations in line with the policy.
3. How the data is used
- Authentication. Confirm it's really you when you sign in and keep your session active.
- Account linking. Connect Google, Apple, and Steam identities to the same Gridforged profile after you prove ownership by signing in with each provider.
- Game functionality. Run matchmaking, online matches, reconnects, friends, invites, parties, tutorial progress, nemesis ghost fights, and leaderboard standing.
- Notifications. Send account or gameplay notifications when the feature is available and you allow them.
- Service health and security. Investigate crashes, fix bugs, prevent fraud or abuse, protect the service, and enforce the Terms of Service.
- Support. Respond to requests, account deletion requests, and account access questions.
We do not sell your data, serve third-party ads, or use your data to track you across other companies' apps or websites.
4. Where the data lives
Authentication is brokered by Firebase Authentication
(project gridforged-game). Profile, match, notification,
and leaderboard data live in services operated by Gridforged on
Google Cloud Platform, including Cloud Run,
Firestore, Cloud Logging, Firebase Cloud Messaging, Firebase App
Check, and Firebase Crashlytics where enabled. The account website
may use reCAPTCHA/App Check to protect sign-in and account-linking
routes from abuse.
We also integrate with Google Sign-In, Sign in with Apple, and Steam sign-in. Those providers process your data under their own terms and privacy policies. We use them only to authenticate you and link the providers you choose. We do not share your data with third parties for their independent advertising or marketing use.
5. Retention
- Account, profile, gameplay, and notification data is kept while your account exists or while needed to provide the service.
- Crash reports, operational logs, and security events are normally kept for limited debugging, abuse-prevention, and security windows, often up to 90 days unless we need them longer for security, legal, or integrity reasons.
- Backups may retain deleted data for a limited period until they expire in the normal backup cycle.
- Aggregated or anonymized statistics that no longer identify you may be kept for balancing, matchmaking, analytics, and service reliability.
6. Your controls
- Manage linked providers. Visit Account to sign in and manage Google, Apple, and Steam sign-in methods connected to your Gridforged profile.
- Revoke provider access. You can revoke Google access from your Google Account permissions page, manage Apple app access from your Apple ID settings, or manage Steam access through Steam. Revoking provider access may prevent future sign-in with that provider, but it does not delete your Gridforged account by itself.
- Access, correct, or delete your data. Use the instructions at Delete Account or email chase.c.cargill@gmail.com. We will verify the request and complete account deletion within 30 days unless a longer period is required by law, security, or abuse-prevention needs.
- Notifications. You can disable push notifications in your device settings. We also remove stale push tokens when providers report that they no longer work.
7. Children
Gridforged is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from them. If you believe a child has signed in, contact us and we will delete the account.
8. Security
We rely on Firebase Authentication and Google Cloud Platform for transport encryption (HTTPS), at-rest encryption, access control, secure token handling, and abuse prevention. Mobile builds store Firebase refresh tokens using platform secure storage where available, such as Android Keystore-backed encrypted preferences and iOS Keychain. No system is perfect, so we cannot guarantee absolute security, but we will notify affected users when required if a breach affects their data.
9. International users
Gridforged is operated from the United States. If you access the service from another region, your data is processed in the US under US law. By using the service you consent to that transfer.
10. Changes
We may update this policy as the game evolves. Material changes will be announced on the site and the "Last updated" date above will be bumped. Continued use after a change means you accept it.
11. Contact
Questions, requests, or complaints: chase.c.cargill@gmail.com. Support information is also available at Support.